Re: help with ldap/checkitem

[Joe Vieira]

so a little more info on this

if i change
DEFAULT VPNGroupName == testing
      CVPN3000-IPSec-Split-Tunneling-Policy = 1,
      Filter-Id="itsadmin-filter",
      CVPN3000-DHCP-Network-Scope = "140.232.2.1",
      CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

to

DEFAULT VPNGroupName =* testing
      CVPN3000-IPSec-Split-Tunneling-Policy = 1,
      Filter-Id="itsadmin-filter",
      CVPN3000-DHCP-Network-Scope = "140.232.2.1",
      CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

i STILL don't get the attribute...so clearly i am doing something VERY 
wrong, is anyone able to send me in the right direction?

Joe Vieira
UNIX Systems Administrator
Clark University - ITS



Joe Vieira wrote:
I created the attribute, and i don't get any dictionary errors

[EMAIL PROTECTED] raddb]# cat dictionary | grep VPN
ATTRIBUTE       VPNGroupName            3001    string

Joe Vieira
UNIX Systems Administrator
Clark University - ITS



[EMAIL PROTECTED] wrote:
  
Attribute is most likely VPN-Group-Name. Check in the freeradius
dictionary.

Ivan Kalik
Kalik Informatika ISP


Dana 9/11/2007, "Joe Vieira" <[EMAIL PROTECTED]> piše:


    
Hi,
   I am having some confusing trouble with an LDAP check item.
applicable line from ldap attribute file

---
checkItem       VPNGroupName                    clarkuVlan
----
Users file.
############## VPN USER CONFIG ########################
DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
       Reply-Message = "Welcome %u, to Clark University's network
#AUTHORIZED USE ONLY#",
       Fall-Through = Yes

############# VPN TEST USER CONFIG ####################

DEFAULT VPNGroupName == testing
       CVPN3000-IPSec-Split-Tunneling-Policy = 1,
       Filter-Id="itsadmin-filter",
       CVPN3000-DHCP-Network-Scope = "140.232.2.1",
       CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"



debug output
....
rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by
clarkuVpnAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
....
Login OK: [CLARKU\\bjulin] (from client vpn port 176)
Sending Access-Accept of id 8 to 10.13.13.1 port 1025
       Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's
network #AUTHORIZED USE ONLY#"
       Framed-MTU = 576
       MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
       MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
       MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
       MS-MPPE-Encryption-Policy = 0x00000002
       MS-MPPE-Encryption-Types = 0x00000004
....

so i see it set the check item VPNGroupName to testing, but it never
matches in the users file, can anyone point to what i am doing wrong?


--
Joe Vieira
UNIX Systems Administrator
Clark University - ITS

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



      
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

    
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html